Malicious software used to illegally mine cryptocurrency on over 4000 websites

The National Cyber Security Centre is aware of a compromise of the third-party JavaScript library ‘Browsealoud’ which happened on 11 February 2018. During the compromise, anyone who visited a website with the Browsealoud library embedded inadvertently ran mining code on their computer, helping to generate money for the attackers. No money was taken from users themselves, but the mining code performed computationally intensive operations that were used to earn the cryptocurrency. These operations may have affected the performance and battery life of the devices visiting the site.
Browsealoud was taken offline shortly after the compromise, mitigating the issue.